What has happened?
It is no longer news that a trade war is brewing between the United States of America and China over the reported insertion of a microchip, designed to spy on the United States for trade and military secrets, into the motherboards of servers made by Supermicro and intended for export to the U.S.
According to the Bloomberg article that broke the story, the investigation has been ongoing for three years now; companies such as Apple and the United States Department of Defense are among the more than 900 companies in different countries that are said to be affected.
The story has taken another turn. A cyber-security expert from a major telecommunications company, which discovered compromised Supermicro servers in its network, claimed that the company removed the inserted microchips from the Supermicro systems in its network in August of this year.
Aftermath of the News
When the news broke, it shaved sixty percent off the share price of Supermicro in the stock market. This is understandable: many companies would now be looking to dispose of their Supermicro products for fear that the microchip might be in their systems. These companies will also be afraid that their servers might be crawling with hackers from China who are looking to steal their data. Following what Yossi Appleboum said about motherboards of other hardware companies having been compromised, every IT systems manufacturing company will surely be on high alert.
The expert, Yossi Appleboum, who previously worked in the technology unit of the Israeli Army Intelligence Corps and is now the co-CEO of Sepio Systems in Maryland, USA, mentioned that Supermicro servers might not be the only ones in which the microchips have been inserted, and that other brands whose products were made in China may also have been compromised. The implication of the investigation is that individuals and companies will have to bring their systems in to be checked. IT specialists like Appleboum, whose company specializes in hardware security, have already been drafted to help examine some of the suspected compromised servers of an unnamed communications company. It will be a fairly long and somewhat painstaking process, but a thorough examination must be done by IT technicians to ensure that the personal information of the individuals or companies who have used the suspected compromised servers is well protected.
Replacing Your Supermicro Servers
Servers and motherboards are notoriously difficult, not to mention fairly expensive, to replace. This is why hardware attacks are graver than normal software attacks in the IT business. Hardware attacks are more difficult to pull off and are more devastating to the victim. While software cyber-attacks can be easily detected, hardware hacks cost government and spy agencies millions of dollars and can take years to be detected.
Motherboards are also fragile, and care must be taken when removing even the tiniest parts from them so as to avoid any damage. With the alarms that have been raised by the news about the Chinese government hacking Supermicro, most companies are going to be switching to other companies like Dell and HP and will try to replace their existing Supermicro servers. The good news is that there are IT firms that can cater to this need. These companies specialize in buying old servers from organizations and selling them to schools, NGOs, and third-party vendors at market rate.
In cyber-security training, it is generally recommended that you periodically update your servers, because with time the operating system of the server ages; as this happens, flaws develop and newer malware is created, which can affect the server’s overall performance. Also, not replacing hardware means giving a potential hacker enough time to become familiar with how your server’s hardware works and how to gain access to your system.
Therefore, as a company you need to liquidate your aging servers from time to time and replace them with new state-of-the-art servers. That way, if you have a piece of hardware that has been compromised, the hackers cannot gain access as easily. According to the Bloomberg article, it was during Amazon’s due diligence process that the Supermicro system motherboards at Elemental Inc. were discovered to have been compromised.
What Are the Best Practices for Getting Value for Money for Your Supermicro Servers?
If you are looking to dispose of your Supermicro equipment, there is no reason why you shouldn’t still get value for your assets. All you need to do is consult an IT firm that specializes in refurbishing and recycling old equipment. These firms are skilled at handling decommissions of server assets. One way they can add value is by breaking a server down into components and paying you for the individual pieces if that offers a higher value than the server as a whole.
In spite of the seeming loss of confidence in Supermicro, the servers are still of high quality and a large percentage remain unaffected by this isolated attack. So even if you are planning to dispose of the equipment, there is still demand for it, and you will be able to capitalize on its value. For example, it is understandable that Apple, Amazon, and especially the Department of Defense will not trust a brand like Supermicro, cutting ties entirely given the connection with the Bloomberg story and its media coverage. These organizations of course hold highly sensitive information from different databases on their servers, so even a potential threat will initiate an investigation to find the source and scale of the operation.
How should you go about it?
As a company with sensitive data, here are some things that you should take note of when you are trying to get maximum value for your Supermicro products. You must be able to answer questions about model numbers, processors, and RAM configurations. Having this goal helps you keep your mind on the value of the Supermicro equipment you are selling and know what fair market value is. For example, an IT technician could be the one to evaluate your system and give the details necessary for a decommission. Several firms offer such services; Exit Technologies, for example, specializes in IT asset decommissions.